Modern security threats are complex and vary in severity of likelihood to do damage to a network or a system. Such security threats include severity levels including potentially unwanted application (“PUA”), AdWare, Backdoor, and DataTheft Trojan. Further, potential for these types of threats to do damage to a network or a system may depend on the type of operating system, hardware, or network. The threats may only be effective against certain types of operating systems such as Windows XP or Mac OS X. At the time of detection, they may have just landed on a victim machine or already successfully installed itself. The same malware may be picked up by one brand of antivirus program for a digital device but not by another; the infected digital device may belong to the front desk or to the advanced R&D labs. For the IT security groups and incident response personnel, there needs to be a very practical method and system to take all these factors into consideration, to rate the risk for a given threat incident so that appropriate response actions can be taken timely and effectively to mitigate the risk.
Currently, antivirus vendors have used the notion of a “ThreatCon” level on their virus encyclopedia site, which is an indication of a global prevalence of a virus based on their observation. Some vendors have introduced a notion of a risk level of Internet applications, based on the likely security risk associated with the use of these applications on a network, e.g., use of an encrypted version of bittorrent on a network may have both bandwidth consumption and violation of copyright laws. However, these systems fail to act as a comprehensive system for quantifying risk and computing a risk score of a threat incident within the local context of a targeted environment. Further, these systems fail to provide a way to compute a risk score in real time.